Bug 1577361 - Unable to dump policy using oslopolicy-policy-generator
Summary: Unable to dump policy using oslopolicy-policy-generator
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
Target Milestone: zstream
: 10.0 (Newton)
Assignee: Harry Rybacki
QA Contact: nlevinki
Depends On: 1572317
TreeView+ depends on / blocked
Reported: 2018-05-11 19:24 UTC by Harry Rybacki
Modified: 2018-11-01 20:03 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1572317
Last Closed: 2018-11-01 20:03:53 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 1740951 0 None None None 2018-05-11 19:24:50 UTC
Red Hat Knowledge Base (Solution) 3182981 0 None None None 2018-05-11 19:24:50 UTC

Comment 1 RHEL Program Management 2018-05-16 21:42:36 UTC
Product Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Comment 2 Harry Rybacki 2018-10-15 20:37:43 UTC
Attempting to reproduce this on OSP10 has failed.:

root@harold ~]# ssh stack@undercloud-0

[stack@undercloud-0 ~]$ source stackrc 

(undercloud) [stack@undercloud-0 ~]$ openstack server list
| ID                                   | Name         | Status | Networks               | Image          | Flavor     |
| ec445e94-b683-46ac-84ac-ccb32c81aaab | controller-0 | ACTIVE | ctlplane=  | overcloud-full | controller |
| 02b6afd3-2e64-41ba-837e-a0972c9e13ef | compute-0    | ACTIVE | ctlplane= | overcloud-full | compute    |

(undercloud) [stack@undercloud-0 ~]$ ssh heat-admin@

[heat-admin@controller-0 ~]$ oslopolicy-policy-generator --namespace keystone
"identity:delete_project": "rule:admin_required"
"identity:list_revoke_events": "rule:service_or_admin"
"identity:revoke_system_grant_for_group": "rule:admin_required"


"identity:list_system_grants_for_user": "rule:admin_required"
"identity:list_registered_limits": ""
"identity:delete_region": "rule:admin_required"

This worked for cinder and nova as well. I believe we can close this.

Comment 3 Harry Rybacki 2018-11-01 20:03:53 UTC
Per comment#2, I don't think the bug is reproducible. Closing as WORKSFORME. Pleease re-open if you encounter the issue again.

Note You need to log in before you can comment on or make changes to this bug.